ASSERT(m_stack.last().isTailDeleted) at ShadowChicken.cpp:127 inspecting the inspector
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 Apr 2016 22:46:18 +0000 (22:46 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 Apr 2016 22:46:18 +0000 (22:46 +0000)
https://bugs.webkit.org/show_bug.cgi?id=156930

Reviewed by Joseph Pecoraro.

The loop that prunes the stack from the top should preserve the invariant that the top frame
cannot be tail-deleted.

* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::update):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199918 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/interpreter/ShadowChicken.cpp

index acab252..92c82df 100644 (file)
@@ -1,3 +1,16 @@
+2016-04-22  Filip Pizlo  <fpizlo@apple.com>
+
+        ASSERT(m_stack.last().isTailDeleted) at ShadowChicken.cpp:127 inspecting the inspector
+        https://bugs.webkit.org/show_bug.cgi?id=156930
+
+        Reviewed by Joseph Pecoraro.
+        
+        The loop that prunes the stack from the top should preserve the invariant that the top frame
+        cannot be tail-deleted.
+
+        * interpreter/ShadowChicken.cpp:
+        (JSC::ShadowChicken::update):
+
 2016-04-22  Benjamin Poulain  <benjamin@webkit.org>
 
         Attempt to fix the CLoop after r199866
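Review bot: No regression test accompanies this entry: the change list names only interpreter/ShadowChicken.cpp and the commit touches just the ChangeLog and that file, so nothing guards against the assertion from the title firing again. If the "inspecting the inspector" scenario can be reduced to a test, add it and list it here; if it cannot, say so in the entry. The otherwise blank line after "Reviewed by Joseph Pecoraro." also carries trailing whitespace.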
index 3695127..8934691 100644 (file)
@@ -114,7 +114,7 @@ void ShadowChicken::update(VM&, ExecState* exec)
     if (verbose)
         dataLog("    Highest point since last time: ", RawPointer(highestPointSinceLastTime), "\n");
     
-    while (!m_stack.isEmpty() && m_stack.last().frame < highestPointSinceLastTime)
+    while (!m_stack.isEmpty() && (m_stack.last().frame < highestPointSinceLastTime || m_stack.last().isTailDeleted))
         m_stack.removeLast();
     
     if (verbose)
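Review bot: The invariant that the top frame cannot be tail-deleted is stated only in the ChangeLog, not at the loop that now enforces it. The added disjunct `m_stack.last().isTailDeleted` pops frames regardless of how their `frame` compares with `highestPointSinceLastTime`, which a reader of the while condition alone will not expect, so a one-line comment above the loop naming the invariant would help. The wider condition also makes it easier for the loop to drain m_stack completely; the code after the second `if (verbose)` is not visible in this hunk, so please confirm it checks isEmpty() before calling last().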